[DEFAULT]
debug = {{ keystone_logging_debug }}

transport_url = {{ rpc_transport_url }}

# NOTE(elemoine) log_dir alone does not work for Keystone
log_file = /var/log/keystone/keystone.log
use_stderr = True

[oslo_middleware]
enable_proxy_headers_parsing = True

{% if keystone_policy_file is defined %}
[oslo_policy]
policy_file = {{ keystone_policy_file }}
{% endif %}

[database]
connection = mysql+pymysql://{{ keystone_database_user }}:{{ keystone_database_password }}@{{ database_address }}:{{ database_port }}/{{ keystone_database_name }}
min_pool_size = {{ keystone_db_min_pool_size }}
max_pool_size = {{ keystone_db_max_pool_size }}
pool_timeout = {{ keystone_db_pool_timeout }}
max_retries = {{ keystone_db_max_retries }}
max_overflow = {{ keystone_db_max_overflow }}
db_retry_interval = {{ keystone_db_retry_interval }}
db_inc_retry_interval = {{ keystone_db_inc_retry_interval }}
db_max_retry_interval = {{ keystone_db_max_retry_interval }}
db_max_retries = {{ keystone_db_max_retries }}


[token]
revoke_by_id = False
provider = fernet
expiration = {{ fernet_token_expiry }}
allow_expired_window = {{ fernet_token_allow_expired_window }}

[fernet_tokens]
# Keystone docs note:
#   max_active_keys =
#     ((token_expiration + allow_expired_window) / rotation_frequency) + 2
# https://docs.openstack.org/keystone/stein/admin/fernet-token-faq.html
#
# Use (x + y - 1) / y to round up integer division.
max_active_keys = {{ ((fernet_token_expiry | int +
                       fernet_token_allow_expired_window | int +
                       fernet_key_rotation_interval | int - 1) //
                      fernet_key_rotation_interval | int) + 2 }}

[cache]
backend = oslo_cache.memcache_pool
enabled = True
memcache_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}

[oslo_messaging_notifications]
transport_url = {{ notify_transport_url }}
driver = messagingv2

[oslo_messaging_rabbit]
amqp_durable_queues = {{ keystone_amqp_durable_queues }}
